Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Swiftyyyy
Contributor

Client Upgrade Procedures

Hi,
What are your suggestions regarding executing organization-wide upgrades for EPS clients, especially when it comes to Cloud deployments.

While performing upgrades on On-Prem deployments we'd typically divide the userbase into virtual groups of 30-50 users and push the Endpoint Client version in waves. Since it's On-Prem and networks are largely gigabit or better that seems to work just fine. And since our On-Prem deployments typically range between 200 and 300 users it's not too overwhelming of an administrative load to split the users into Virtual Groups either.

But what are the suggestions for doing it on Cloud Deployments in larger environments; for example one such environment we're dealing with has ~2000 seats and spans several physical locations.
Obviously we could adapt a similar approach, but scale down the amount of parallel upgrades per physical location to work with the smaller WAN pipe.
Regardless, for 20 users/group that's still 100 Virtual Groups. And as far as I can tell, we can't even nest these groups to maintain some clarity in our asset directory structure. 

Is it possible to configure a local source for upgrades when Cloud deployments are involved? This way we could at least stick with the 50 users per wave configuration since the WAN pipe wouldn't be a bottleneck.

Do you have any other more efficient workloads in mind?

Thank you!

Luka

0 Kudos
2 Replies
Benedikt_Weissl
Advisor

>Is it possible to configure a local source for upgrades when Cloud deployments are involved?

Yes, you can configure this for windows clients in the endpoint portal via policy -> client settings -> installation and upgrade (https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...). It works quite well in our setup, but I havent testet it with more than 100 users yet, so don't deploy all 2000 users at once.

Swiftyyyy
Contributor

Great, I'll be sure to test this option out!
Definitely not with 2000 users 😅, but it's sure to speed up our deployments.

Just one (or two) question(s) (possibly a dumb one); but when it comes to 

  1. Put the same packages in local storage location on client computers, for example: C:\TEMP\EPS\32bit\EPS.msi

I take this is referring to the .MSI I'd download from Cloud MGMT, not the package I'd download from the Endpoint homepage SK, right?

Also are you aware of any limitations regarding where to place this file? Is any network drive where Endpoints have access OK or how should we handle this? Do you place the .MSI on every Endpoint or just one central location on your local network?

0 Kudos